Hi zetetic community!
I have added SQLCipher to an iOS app, but after an Ethical Hacking Analysis, the use of potentially insecure functions was detected.
Specifically, several occurrences of the “malloc” function were found in the SQLCipher code, and the recommendation of our Security Analysis Department is to substitute the “malloc” function with more secure versions like “calloc”. If not, a deep analysis of the code is required to assure that the implementation of malloc is free of vulnerabilities.
We could try to modify SQLCipher on our own, but this solution would make it hard to maintain the code for future updates of the Library. Can somebody who has analyzed this before help with this topic? Is the implementation of malloc secure in this case?
Thanks in advance
Javier González